  1. Libcloud
  2. LIBCLOUD-55

This Python project is vulnerable to MITM as it fails to verify the SSL validity of the remote destination.


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 0.4.0
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None

      Description

      This Python project is vulnerable to MITM as it fails to verify the SSL validity of the remote destination.
      urllib / urllib2, httplib.HTTPSConnection do not verify SSL at all by default.
      from base.py:

          class ConnectionKey(object):
              """
              A Base Connection class to derive from.
              """
              conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)

              ....
              def connect(self, host=None, port=None):
                  .....
                  connection = self.conn_classes[self.secure]

      This request can be MITMed, leading to the compromise of a user's API key - where a secured HTTPS connection was requested, but can be MITM'ed.

            People

            • Assignee:
              jsmith Jed Smith
              Reporter:
              d1b dave b ^^
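
The pattern from the report with verification switched on, as an added example that is not part of the original issue and not Libcloud's code. It assumes Python 3 (http.client and ssl in place of httplib); VerifiedConnectionKey, legacy_context, verifying_context and is_mitm_resistant are hypothetical names.

```python
import http.client
import ssl


def legacy_context():
    """TLS settings equivalent to the behaviour the report describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def verifying_context(cafile=None):
    """Require a trusted chain and a certificate matching the hostname."""
    return ssl.create_default_context(cafile=cafile)


def is_mitm_resistant(ctx):
    """True only if both the chain and the hostname are checked."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


class VerifiedConnectionKey(object):
    """Hypothetical variant of the ConnectionKey excerpt (not Libcloud code)."""
    conn_classes = (http.client.HTTPConnection, http.client.HTTPSConnection)

    def __init__(self, key, secure=True, context=None):
        self.key = key
        self.secure = secure
        self.context = context or verifying_context()
        # Fail closed: never send the API key over unverified HTTPS.
        if self.secure and not is_mitm_resistant(self.context):
            raise ValueError("HTTPS requested without certificate verification")

    def connect(self, host, port=None):
        # Same class selection as the excerpt: index the tuple by self.secure.
        cls = self.conn_classes[self.secure]
        if self.secure:
            return cls(host, port, context=self.context)
        return cls(host, port)
```

Constructing the connection object opens no socket; the certificate and hostname checks run during the TLS handshake on the first request.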